← Back to Sol Wager

Privacy Policy

Last updated: 2026-06-10

Summary (the short version)

We collect as little as possible. Crypto wagering doesn't need your real name, email, address, or government ID, and we don't collect any of that by default. We do collect: your wallet address (it's how we identify you), your IP (necessary for rate-limiting and abuse prevention), and your game history (necessary to determine payouts and run leaderboards).

1. What we collect

From you, automatically

  • Wallet public key — your Phantom (or equivalent) Solana wallet address, which serves as your identity
  • IP address — for rate-limiting and abuse prevention
  • Game activity — lobbies you join, wagers you place, results of games, payouts, deposits, withdrawals
  • Session state — Socket.IO session IDs, authentication nonces (short-lived, never persisted)

From you, voluntarily

  • Support tickets — name, email, and message content if you contact us via our support form
  • Referral codes — the referral code (if any) from the URL that brought you to the site, stored briefly in your browser's localStorage

Generated by us, on your behalf

  • Platform wallet keypair — a new Solana keypair we generate to hold your in-app balance. The private key is encrypted with AES-256-GCM before being stored. See the Fairness page for details.
  • Referral code — a unique 6-character code assigned to your account so you can refer others

2. How we use the data

  • To run the games — match you to lobbies, credit wins, deduct fees, return refunds
  • To prevent abuse — detect multi-accounting, bots, and collusion via IP and wallet activity
  • For leaderboards and activity feed — your wallet address and game outcomes appear publicly on the leaderboard and the homepage activity ticker. (Wallets are public on-chain anyway.)
  • For support — to respond to your inquiries
  • For platform improvements — aggregate, non-identifying analysis of which games are popular, where players drop off, etc.

We do not sell your data, share it with advertisers, or use it for retargeting.

3. How we store and secure your data

  • Database: Managed Postgres hosted by Render, encrypted at rest. Backups are handled by Render's managed-database platform.
  • Wallet private keys: encrypted with AES-256-GCM using a 32-byte key stored only as a server environment variable. Each key has a unique initialization vector and authentication tag so tampering is detectable. The encryption key never leaves the server, never appears in logs, and is not stored in the database.
  • Server logs: structured JSON via Pino, retained for up to 30 days on Render. We deliberately do not log private keys, sensitive request bodies, or session secrets.
  • Transport: All traffic between your browser and our servers is TLS-encrypted (HTTPS / WSS)

No system is perfectly secure. In the event of a breach affecting your data, we will notify affected users via in-app banner and via email (if we have one on file) within 72 hours of confirmation.

4. Third-party processors we rely on

We use the following third-party services to operate Sol Wager. Each processes only the data necessary for its role:

  • Render (server + database hosting) — receives game-state data, encrypted wallet keys, logs
  • Vercel (frontend hosting) — receives HTTP requests, serves static assets, can see your IP for routing
  • Helius (Solana RPC) — sees your platform and personal wallet addresses when we query/transact on your behalf. Helius does not see your private key.
  • Solana blockchain — all on-chain transactions are public and permanently recorded
  • Resend (optional, email for support tickets only) — receives the contents of support tickets you send
  • Jupiter (SOL price oracle) — we query current SOL/USD price; no user data is sent

5. Cookies and local storage

Sol Wager does not use tracking or advertising cookies. We use a single strictly-necessary cookie:

  • Session cookie — after you sign in by signing a message with your wallet, we set an HttpOnly session cookie so you don't have to re-sign on every visit. It holds a signed token bound to your wallet, expires after 30 days, and is not readable by JavaScript. It is used only to authenticate you — never for tracking. Disconnecting your wallet clears it.

We also use browser localStorage for pending referral codes (up to 30 days, so they survive wallet-connection attempts) and UI preferences (game settings, theme).

The Solana wallet adapter (Phantom, etc.) may store its own data locally. We have no control over that.

6. Data retention

  • Game history: retained indefinitely for leaderboards and accounting integrity
  • Financial ledger and on-chain identifiers: your wallet address and transaction signatures are retained in our financial ledger — specifically game_history.winner_public_key, game_participants.player_public_key, and transactions.from_wallet / to_wallet / tx_signature — under legal-obligation and legitimate-interest record-keeping. Because these are the join keys that tie the ledger, payouts, and leaderboards together, they are not removed when you erase your account (your address is already public on the Solana blockchain regardless).
  • Event / audit log: security and integrity events (auth, money movements, admin actions) are retained for roughly 3 years for fraud investigation, dispute resolution, and forensic accounting
  • Encrypted wallet keys: retained as long as you have a non-zero balance or active referral relationship
  • Support tickets: retained for 1 year
  • Server logs: up to 30 days
  • Pending referral codes (localStorage): 30 days unless consumed

7. Your rights

Depending on your jurisdiction, you may have rights to:

  • Access the data we hold about you
  • Correct inaccurate data
  • Delete your data, subject to legal retention requirements
  • Export your data in a portable format
  • Object to certain processing

To exercise any right, submit a request via the support form including the wallet address whose data you want acted on. We will respond within 30 days. We may need to verify ownership of the wallet (typically by requesting a signed message from it).

8. International users

Sol Wager is operated from servers in the United States. By using the Service, you consent to having your data processed there. If you are in a country with stricter privacy laws (e.g., EU GDPR, UK GDPR, Brazil LGPD), those laws apply to our handling of your data.

9. Children

Sol Wager is not for users under 18. We do not knowingly collect data from minors. If you believe a minor has connected a wallet, please contact us and we will close the account.

10. Changes to this Policy

We may update this Privacy Policy. Material changes will be announced via in-app banner. The "Last updated" date at the top reflects the most recent change.

11. Contact